Subreddit Rules and Wiki

Enjoy our Wiki! It has all sorts of nifty advice and explains most topics you’re interested in if you’re reading this.

Latest

2020-05-01

Reddit has implemented a new Chat feature, that for now, doesn’t allow Subreddits to opt out. These chat rooms are unmoderated and form a risk vector. Anyone using the r/Privacy Chat feature should exercise due caution. Do Not Share PII While Chatting!

2019-01-09

I think… I think we’re going to have 400,000 subscribers soon, and that’s all kinds of awesome!

TrueCrypt 7.1a was audited and determined to have no significant cryptographic issues anywhere in the code, which makes it arguably the safest encryption software out there, since no other large-scale encryption software has been audited to that extent, to my knowledge.

As px403 says, modern processors have functionaloity to make crypto very fast. You also need to remember that most machines are not pushed to their limits in terms of processing much of the time. It tends to be processor usage or disk IO, not both at the same time.

HORNET aims for more scalability and efficiency as it pushes the traffic through its network by having the intermediate relay nodes avoid keeping the per-session state (for instance, encryption keys and routing information) and pushing that task to the nodes on either end of the connection. Without that task, nodes can theoretically forward traffic more quickly to a larger number of clients.

I haven't read the paper yet, but something I'm wondering is if the relay nodes push the routing information to the next nodes, how would the transmission be kept anonymous?

EDIT: Holy shit. That looks difficult to properly implement. And after reading it, I am not at all convinced that it will be faster than Tor.

No. Not to be rude, but did I say anything that implies that I think that? Of course the private keys are kept private. What I haven't wrapped my mind around is how the public keys are exchanged without interference from a MITM without removing anonymity (i.e. storing Public Key 1 from Node A; providing Public Key 2 (while having the matching Private Key 2) to Node B; from Node B, accepting Cipher Text Γ that is encrypted via Public Key 2; decrypting Cipher Text Γ via Private Key 2; reading or modifying the message; encrypting the message with Public Key 1 to make Cipher Text Δ, sending Cipher Text Δ to Node A. Without a way for the nodes to directly communicate with each other, neither Node A nor Node B would likely know that a MITM attack occurred. And if nodes did have a way to communicate directly, there wouldn't be too much need for an onion network. On another note, I noticed that the proposed protocol mentions sharing symmetric keys. That's something else that perplexes me. I'll have to read through it again (and probably multiple times) to see how exactly they plan on managing all of this. At a first look though, I just don't understand what would make it secure.

Yeah, I think that's what I meant, the public keys. I'm no crypto guru. Of nodes A-F, if node C had access to all 3 public keys, it could provide bogus public keys to D-F, decrypt the traffic coming in, read/store it, then recrypt it using the valid public keys, and send it on its way, then do the same thing on the return trip. I totally missed the symmetric keys part though. That's just asking to be exploited.